Juxtaposition

I have been wrestling with my dspam configuration on Ubuntu for quite some time and think I finally got it set up the optimal way. It took building a custom modern dspam package myself, with the help of a kind soul who built a custom package for Debian etch.

I get tens of thousands of spam messages to my personal accounts each month. And there are many more going to other users at my domain. It has been getting worse recently. This primarily caused me to take more drastic action and implement realtime blackhole lists to block spam from even entering my mail system. It is absolutely stunning to see how much spam gets blocked vs. how much gets in now. I haven't calculated the stats but on a cursory look at my logs, it is well over 70% that is being dropped on the floor now.

I was having a really bad issue with dspam 3.6.8 that comes with Ubuntu. Turns out this is a very old version of dspam. 3.8.0 has been out for well before the current 7.10 release yet it is only now being looked at for inclusion in 8.04 in April 2008. Ugh. Part of the problem is that upstream Debian hasn't upgraded yet in any of their repositories -- even unstable. Reference: https://bugs.launchpad.net/ubuntu/ source/dspam/ bug/160139

Alas, I set about building my own. I found a great resource at http://packages.kirya.net/debian/pool/main/d/dspam/ that had binary builds for debian etch and the source packages. Rather than wrestle with redoing the work of applying 3.6.8 patches to 3.8.0, I started with this and it actually builds everything cleanly on Ubuntu 7.04 just fine.

First thing is to make sure you have all of the prerequisites for building packages and building dspam. dspam requires at least mysql, postgres, ldap, zlib and other libraries to build, as well as automake and other build tools.

sudo apt-get install build-essential
sudo apt-get build-dep dspam

wget http://packages.kirya.net/debian/pool/main/d/dspam/dspam_3.8.0-1.1etch1.diff.gz
wget http://packages.kirya.net/debian/pool/main/d/dspam/dspam_3.8.0.orig.tar.gz

tar xvzf dspam_3.8.0.orig.tar.gz
gunzip dspam_3.8.0-1.1etch1.diff.gz
cd dspam-3.8.0
patch -p1 < ../dspam_3.8.0-1.1etch1.diff

chmod 755 debian/rules
fakeroot debian/rules binary

cd ..
sudo dpkg -i libdspam7-drv-mysql_3.8.0-1.1etch1_i386.deb \
libdspam7_3.8.0-1.1etch1_i386.deb \
dspam_3.8.0-1.1etch1_i386.deb \
dspam-webfrontend_3.8.0-1.1etch1_all.deb \
dspam-doc_3.8.0-1.1etch1_all.deb

smtpd_recipient_restrictions =
      check_recipient_access hash:/etc/postfix/dspam_retrain_aliases,        
      permit_mynetworks,
      reject_unauth_destination,
      check_recipient_access pcre:/etc/postfix/dspam_incoming_filter,
      ....
      permit

dspam-fp@dspam-fp.example.com                  FILTER dspam-fp:innocent
dspam-add@dspam-add.example.com             FILTER dspam-add:spam

# only allow local network to post to these entries
dspam-add unix   -   n   n   -   -   pipe
    flags=Rhq user=dspam argv=/usr/bin/dspam --mode=toe --user dspam-add@dspam-add.example.com --class=spam --source=error
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=192.168.1.0/24

# only allow local network to post to these entries
dspam-fp unix - n n - - pipe
    flags=Rhq user=dspam argv=/usr/bin/dspam --mode=toe --user dspam-fp@dspam-fp.example.com --class=innocent --source=error
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=192.168.1.0/24

# Using this to block lots of non-US character set emails
header_checks = regexp:/etc/postfix/header_checks

/^Subject:.*=\?big5\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*big5/ REJECT No foreign character sets, please.
/^Subject:.*=\?euc-kr\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*euc-kr/ REJECT No foreign character sets, please.
/^Subject:.*=\?gb2312\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*gb2312/ REJECT No foreign character sets, please.
/^Subject:.*=\?iso-.*-jp\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*iso-.*-jp/ REJECT No foreign character sets, please.
/^Subject:.*=\?koi8\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*koi8-r/ REJECT No foreign character sets, please.
/^Subject:.*=\?ks_c_5601-1987\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*ks_c_5601-1987/ REJECT No foreign character sets, please.
# headers with 8 special characters... spam
/[^[:print:]]{8}/ REJECT Special chars in header a no-no.

Posted by at 9:13 PM | Permalink | Comments (5) | TrackBacks (0)

I've found these fascinating and hilarious through boingboing. Here are some links to some digital photography / photoshopping contests:

DPChallenge - A Digital Photography Contest
Worth 1000 Photoshop Contests
Fark often has photoshopped photos or contests posted.

The IEEE sees the writing on the wall for CRTs: IEEE Spectrum: Goodbye, CRT I'm looking to snag some nice tasty 19" Samsungs like this at Newegg on sale this month for $179

Also, here's an op-ed by Sam Harris on the 10 myths -- and 10 truths -- about Atheism Unfortunately, the word "Atheist" is so politically charged and has so many meanings to different Atheists that I prefer to stick with "Nontheist" for now. But the tide may be changing with Sam Harris and Richard Dawkins at the forefront, and the skeptical movement picking up steam.

Posted by at 10:19 PM | Permalink | Comments (1) | TrackBacks (0)

I just finally fixed my modified Vixburg style for Movable Type so that it makes use of wider browsers. Many times, quotes or pictures or preformatted text get chopped by the small center column. I tried for hours to get a decent 3 column layout where the center column will be fluid and take up as much available space as is there, to no avail. Best I could do was set 65% as the width and that does most of what I hoped for, at least for a 1280x1024. The true holy grail is at this site, but would require me building a whole new style to match kind of what I have using this as the base http://www.glish.com/css/7.asp The right column does not flitter away underneath the content as happens with mine when the page is sized smaller. *sigh*

Anyhow, take a look at my css for my tweaks at the bottom and I hope this makes things more readable.

Posted by at 9:41 PM | Permalink | Comments (0) | TrackBacks (0)

BookMooch: a community for exchanging used books (book swap and book exchange and book trade)

I am loving Bookmooch. I've mailed out several books so far that were sitting in my basement and am going to hopefully get some good ones in return. This was a great idea that my friend Mike and I actually had in college after the annoyance of paying $60 for a book that the bookstore on campus would only buy back for a pittance; only to turn around and sell it for $60 again. I'm glad someone else coded it. Maybe I'll actually get something for those books I chose to keep rather than get loose change for. Check out my mooch link on the left nav bar: my Bookmooch list

Posted by at 11:44 PM | Permalink | Comments (0) | TrackBacks (0)

Ouch. Clever page title though: "There goes our five nines..."

Posted by at 10:42 PM | Permalink | Comments (0) | TrackBacks (0)

The National Institute of Standards and Technology (NIST) recently published a paper condemning paperless electronic voting machines as insecurable.  I'll have to read the paper in-depth to see how they came to that strong of a conclusion, but I do know that there is no research showing that a purely electronic system can be completely trustworthy.

It's amazing how far this subject has come in just a few years, yet how far it still needs to go as evidenced by the irregularities in the recent 2006 midterm election.

Slashdot | NIST Condemns Paperless Electronic Voting

Posted by at 11:58 PM | Permalink | Comments (0) | TrackBacks (0)

I've been wondering this and noting that more and more products are coming wrapped in this stuff.  I use a tchochke that I got from Tripwire that has a tiny corner of a razor blade on it to open these packages, but even then, the cut plastic package is sharper than the razor.  I've cut myself on several occasions.  The unusual shapes of the packages doesn't make it very easy to cleanly open either.

Slashdot | Plastic Packages Cause Injuries, Revolt

Posted by at 11:54 PM | Permalink | Comments (0) | TrackBacks (0)

I'm trying this right now on Edgy Eft:

po-ru.com: Fixing ffmpeg on Ubuntu

It seems one can set DEB_BUILD_OPTIONS=risky to enable the missing codecs rather than editing debian/rules and building the package manually.

sudo apt-get build-dep ffmpeg

sudo apt-get install liblame-dev libfaad2-dev libfaac-dev libxvidcore4-dev checkinstall fakeroot

DEB_BUILD_OPTIONS=risky fakeroot apt-get source ffmpeg --compile

sudo dpkg -i ffmpeg-blah.dpkg

Posted by at 12:52 AM | Permalink | Comments (0) | TrackBacks (0)

So, there happen to be these unwritten rules of style that change all the time that nobody seems to tell you about and it's hard to ask and for many, harder to know you should ask. And there are people in the work world that do judge you by your appearance, for better or worse, consciously and unconsciously.  Here is some advice that I have culled from significant others, from experience and observation in the workplace, from the advice in Esquire, and even from What Not to Wear on TLC.

• No pleated pants
Get rid of your pleated pants in favor of flat-front pants. Flat-front pants are simpler, more modern looking, make you look slimmer, and not like an old man.

• Clothes should look new and fresh
If your sweaters are pilled and your pants have wallet or knee wear marks, or the cuffs are frayed, it's time to get some new clothes. Buy something new and donate the old.

• Get pants with the proper length
If you don't know your length, get measured or fitted in a store sometime. Your pants should "break" at the ankle and continue down slightly over your shoe. If you can see your socks when standing, your pants are too short!

• Appropriate sock color
White socks are generally not going to work with any business casual attire, unless is Miami Vice white suit day, but even then you probably would be better going without socks...but I digress. The general rule with socks is they should not be noticeable! If your socks stand out, they are wrong for your outfit. I mostly wear neutral socks that match my pants to not draw attention to them. If you are wearing athletic socks with slacks you need to go to Costco and get some Gold Toe dress socks and save the nike socks for the gym.

• Your shoes tell all
They say you can tell a man by his shoes--they make or break an outfit. You can be totally put together elsewhere but if your shoes are crap, it's game over.  What do your shoes say about you? Are they tired, scuffed, worn and dirty or new, sleek, stylish and shiny? It sucks but you really should have several pairs of shoes so that you can rotate them. Avoid wearing one pair day-in and day-out so that they will last longer and look fresh when you do wear them. I've even bought two of the same less expensive pairs of shoes that I liked to keep them looking nicer longer.  Oh, and invest in a shoe brush and some instant shine pads.  Esquire recommends using black polish--even with brown shoes. 

• Wear the right size shirt
This is another one of those things you're never taught: how to know you have the right size shirt. Here's the best way to know: Where the sleeves attach to the main body of the shirt, it makes a line. That line should roughly be even with the very edge of your shoulder blade. More than a 1/4 inch past that and your shirt is probably too big. I often see this with people who wear golf shirts (even PGA pros are bad offenders. Tiger Woods does it right though). Another way to tell if your short-sleeve shirt is too big is if your sleeves extend far past your elbow. They should probably end short of your elbow if it is sized correctly. Having the right size shirt means a sharper, put-together look. Oversized shirts tend to look sloppy or overly-casual.

• Dress for the position you want, not the one you have.
Hey, I've been there where I loved being able to wear jeans and a T shirt because, hey, nobody sees me in the server room. But, if you have higher aspirations or if you interface with business folks who tend to dress nicer than you, then your clothes can be a distraction from you and your message. If anything, your clothes should be neutral or enhance your message. Beware of some managers who get nervous if their underlings dress nicer than they do, but that isn't really your problem--it's theirs for not dressing to their level in the organization!

• Skip ironing -- use the cleaners!
Nothing says sloppy like a button-down shirt that has not been ironed or is poorly ironed. The difference I found with people who truly look sharp is not just tailoring but well-maintained clothing. It is so cheap to have someone else iron your shirts and it looks 1000 times better than if you try to do it that it is well worth the investment. And you can usually get a couple of wears out of each shirt before it needs to be sent back for cleaning and ironing. I pay $0.99 / shirt. If you have nice pants, you can usually get away with ironing them yourself but professional pressing also looks a lot better and holds longer than home ironing.

Posted by at 12:30 AM | Permalink | Comments (0) | TrackBacks (0)

This is an article from a year ago that showed how each vendor was able to respond to key virus outbreaks.  They also show the data from the previous year.

I personally recommend F-Secure's product.  The base product gives you everything you need for anti-spyware and malware and is inexpensive.  It is not a huge fat pig like some of the products out there (McAfee...)  I've heard from others who enjoy Kapersky as well, so either of those would be good choices and happen to both top this list.

I also personally got rid of McAfee products after a multitude of issues:

1. The product is seriously bloated and the Security Center product seems geard toward selling other products by McAfee than providing normal users with value.
2. Many of the products in the suite are not well integrated.  They often had their own installers and were a real pain to uninstall.
3. Lots of errors resulting in having to reinstall the product (without there being an easy way to do so).
4. Their website security is horrendous.  My wife forgot her password to their site so she used their "forgot my password" feature.  Guess what?  They emailed her, not a new random password, but her _actual password_  This from a security company!  They either store passwords without encryption or store them with reversible encryption--both of which are seriously bad ideas and McAfee should know better.
5. Their suite product line is very expensive and the price seems to go up every year.  They have since reworked their product line and it seems to be better now.
6. I read the F-Secure blog and can tell those guys really get security.
7. McAfee was the company with the poor QA that removed critical Office files to "protect" you and also mislabeled a legitmate ISP software program
8. McAfee products, like Symantec, have suffered from some local privilege escalation vulnerabilities or remote buffer overflows.  The cure is worse than the disease?

Ranking Response Times for Anti-Virus Programs - Security Fix

Posted by at 11:21 PM | Permalink | Comments (0) | TrackBacks (0)

I would add a 5th item:

5. Develop Reusable Security Architectures that cover common scenarios and include appropriate protection by design

Tools are sexy; secure design is hard.  That's why you see so many tools and vendors hawking tools but not as much work.  I hear from people all the time who talk about this tool or pen testing or scanning some server or how you need to hack your wireless network to be secure.  That is a bunch of crap in general because trying to audit your way to security is bottom-up grass-roots and can only get you so far.  It's an early maturity model to be spending so much time and energy on audits and pen tests instead of security design reviews and developing security architectures.  It's a lot easier and sexier to say you hacked a wireless network.  We need to get to where it is just as cool to say you developed a wireless network security architecture such that you don't care who is connected to the wireless network because your security is not so brittle as to lose sleep over it.  Where are those reusable models made open source?

As for item #3, I don't think that I believe that there can be "quantitative" security risk management.  The biggest problem is that there is not enough good data to base future risk upon (try this:  how do you quantify risk of brand damage due to event X?). 

Item #4 is very important and speaks to ensuring security systems are usable.

CRA (Computing Research Association) Grand Research Challenges

Four Grand Challenges in Trustworthy Computing:

1. Eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years;
2. Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
3. Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade;
4. Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.

Posted by at 10:47 PM | Permalink | Comments (0) | TrackBacks (0)

It's still a shitty law though.  Something else I will happily ignore to avoid my fair use rights being infringed.  Again, how could I watch DVDs (legally rented/owned) on my Linux box without doing so?

Boing Boing: Copyright Office creates 6 DMCA exemptions

the office refused to grant exemptions that would benefit the general public -- space- and format-shifting, backing up your DVDs -- and they took back an earlier exemption that let people reverse-engineer the blacklists maintained by censorware companies to bring some transparency to their process.

Posted by at 10:19 PM | Permalink | Comments (0) | TrackBacks (0)

Hey, I'm on a Linux computer and because they insist on requiring Flash to play the videos, the only way I can view them is to download them and watch them with Xine. I plan on violating their terms of service...to continue to access their service...

Lawrence Lessig: When Web 2.0 meets Lawyers 1.0

Posted by at 10:17 PM | Permalink | Comments (0) | TrackBacks (0)

Summary:  people link to bloggers that provide more original content than who just provide links to other places that do so.

Funny because I was just thinking about this regarding this blog.  I think it's cool when people enjoy what I provide on this blog, but I really don't care if people read it or not.  This is where I keep track of stories and topics that interest me, instead of saved emails or bookmarks that I never look at again.  I can always go back and find what I found interesting and what I wrote about it.  Pretty cool in my book.

My blog doesn't really have many that link to it and probably the fact that I post many links without a lot of commentary a lot of the time is a good reason why.  But I disagree that nobody links to linkers.  I personally like blogs because they act as filters or lenses that focus news and interesting content.  There are tons of blogs but I like the ones whose mix of topics coincides most with what I'm interested in.  Even if they just link to other places, that's fine with me.  It's the filtering service that is the value-add, not necessarily original content.

That said, I have anecdotal evidence that my blog only gets noticed when I post original content.  My recent entry about SOA security is a perfect example.  I also was thinking about how I like the SANS newsbites because they actually summarize the stories they link to, not just provide links (on a related note, the links in Crypto-Gram require me to go read every story that sounds interesting so I generally read fewer of them).

No-one links to the linkers at Andrew Garrett’s Mutation

Posted by at 7:03 PM | Permalink | Comments (0) | TrackBacks (0)

This is great news.  They did the same with other phones, including the e815 that I have.  Fortunately, there are ways around this to re-enable the crippled features, but they are out of reach to most consumers.  I had to buy a data cable and software on eBay to uncripple my phone.

[infowarrior] - Verizon Slapped for Crippling Bluetooth

Verizon has been getting weasely with some of its customers in California who bought its Motorola v710 Bluetooth-³capable² phone on or before January 31, 2005. Preliminary approval of the settlement was granted in a California court for a class-action suit against the company because it didn¹t accurately tell prospective customers that its Bluetooth features weren¹t what they appeared to be. Verizon said the phone ³works with a PC² but left out that part about how you can¹t wirelessly sync photos or contacts or any other files using Bluetooth.

Posted by at 3:48 PM | Permalink | Comments (0) | TrackBacks (0)

Plus recommendations on where to, and where not to, use them, based on the best use of the technology for the money without excessive wear on the lamps.

What C.F. Lamps to Use Where

Posted by at 9:17 PM | Permalink | Comments (0) | TrackBacks (0)

Google code search (kottke.org)

Find all sorts of interesting things in source code out there, or web sites running interesting code. There's a great list to get you started "Google Code Hacking".

Posted by at 9:38 AM | Permalink | Comments (0) | TrackBacks (0)

Network Neutrality Threatened In Norway

A very clear description of the Net Neutrality issue and how the claims made by those against it are baseless.

Posted by at 8:12 PM | Permalink | Comments (0) | TrackBacks (0)

Media Convert - free and on line - convert and split sound, ringtones, images, docs - MP3 WMV 3GP AMR FLV SWF AMV MOV WMA AVI MPG MP4 DivX MPEG4 iPOD OGG WMA AAC MP4 MPC MMF QCP KAR MIDI REALAUDIO FLAC JPG PSD DOC PDF RTF TXT ODG ODP ODS ODT SXW WK1 MDB X

Would only be cooler if it removed DRM!

Posted by at 5:40 PM | Permalink | Comments (0) | TrackBacks (0)

Build a Cheap and Fast RAID 5 NAS | Tom's Networking

I'm going to need to get one of those cards and a bunch of drives to augment my data server with a terabyte of RAID-5 goodness. *yum*

Posted by at 11:41 PM | Permalink | Comments (0) | TrackBacks (0)

http://www.liveammo.com Security News Blog

legal or not, this sort of spying program probably isn't worth infringing our civil liberties for — because it's very unlikely that the type of information one can glean from it will help us win the war on terrorism.

Interesting mathematical analysis of how effective the NSA domestic call-tracking spy program could possibly be.

Posted by at 2:36 PM | Permalink | Comments (0) | TrackBacks (0)

EETimes.com - 802.11n wireless gear falls short in testing

Early adopters are likely to suffer the same problems that plagued 802.11g when it first emerged.

Posted by at 1:31 PM | Permalink | Comments (0) | TrackBacks (0)

foXpose/Tabnail plugins Two thumbnail-related plugins. One creates a single index page with thumbnails of all of your open tabs that you can use to navigate with. The other creates tiny thumbnails of the open pages in the tabs themselves. Both require firefox 1.5 or higher. It may be time to try the release candidate...

Also, since my previous post, I found several other useful and promising plugins:

Wizz RSS Newsreader
DictionarySearch
Dictionary Tooltip
Fasterfox
IE Tab Buggy, but can be convenient to change rendering engine on Windows.
BetterSearch

Security and Web Development:

Leet Key
Show IP
Stealther
Tamper Data
Web Developer
Live HTTP Headers
DownThemAll!
ColorZilla

Multimedia:
VideoDownloader
Download Embedded
DownloadThemAll! I now use this instead of FlashGot.

Posted by at 1:25 PM | Permalink | Comments (0) | TrackBacks (0)

Wired News: Worst Tech Moments 2005

Not sure I entirely agree with all of these. Looks like Bush will make the 2006 list several more times given the additional illegal spying uncovered so far. A summary of the list:

• TiVo boxes betray their owners
• Commerce Department blocks .xxx domain
• PayPal blocks Katrina aid
• Space shuttle Discovery
• Bush corrupts the NSA

Here are some items that I predict for the 2006 list:

• Senator Ted Stevens': The Internet is a series of tubes
• Senator Inhofe, Charman of the Environment and Public Works committee, global warming is the greatest hoax ever
• Rewriting The Science, Scientist Says Politicians Edit Global Warming Research - CBS News
• Bush Administration: Generally anti-science (ideology trumps science/facts)

I'm sure there are many others. These were off the top of my head.

Posted by at 1:04 PM | Permalink | Comments (0) | TrackBacks (0)

Passionate condemnation of the music industry:

[IP] MUST READ Courtney Love does the math The controversial singertak

[IP] last on this topic -- Does File Trading Fund Terrorism? Successful artists not seeing any profit.

http://www.marketplace.org/play/audio.php?media=/2003/03/12_mpp&start=00:00: 20:00.0&end=00:00:27:30.0

[IP] 2 more on Does File Trading Fund Terrorism?

And to round this out, a great interview with John Perry Barlow on the evils of Digital Restriction Management Wrapped up in Crypto Bottles

And to draw in a security angle to all of this:

Security Blog

Sony rootkit debacle highlights the failure of the security technology industry: The real story, as Bruce Schneier points out - why the hell didn't any Antivirus software (or IDS for that matter), detect this software sooner? Is corporate malware going to continue to be default allow by these products? We are collectively paying these companies billions of dollars for what?

Posted by at 11:06 PM | Permalink | TrackBacks (0)

This is so cool.

Einstein's task list generator

Posted by at 11:02 PM | Permalink | Comments (0) | TrackBacks (0)

National Missile Defense System Test Fails Again This story is over a year old but there hasn't been much better news about this boondoggle since then.

Oh, we can only hope that we are attacked by drones and not real missles... Those have been the only things that have even partially been stopped by this technology (after much rigging). Very apropos since just on the McLaughlin group today there were those that actually thought we could possibly rely on this to knock a North Korean ICBM out of the sky before it hits the US west coast.

Posted by at 10:52 PM | Permalink | Comments (0) | TrackBacks (0)

Nuclear Elephant: The Motorola v710: Verizon's New Crippled Phone

I have to say that I was really annoyed to find that my Motorola E815 couldn't even share vCards between phones using Bluetooth, let alone that they disabled the advertised ability to use mp3s for ringtones, to get photos you snap onto your PC, to play mp3s, to play videos, etc.

Posted by at 10:18 PM | Permalink | Comments (0) | TrackBacks (0)

# Enabling many:one IP masquerading from the LAN to the Internet (i.e. out the $WAN interface)
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# port forwarding $WAN_IP:25 to $SMTP_SVR_IP:25
iptables -t nat -A POSTROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT --to $SMTP_SVR_IP
iptables -A FORWARD -i $WAN -p tcp --dport 25 -d $SMTP_SVR_IP -j ACCEPT

# Making this cruft work from the intranet
# i.e. DESK_IP -> WAN_IP:25

# Bad rule:
iptables -t nat -A POSTROUTING -o $LAN -j SNAT --to-source $WAN_IP

# Good rule:
iptables -t nat -A POSTROUTING -o $LAN -s 192.168.1.0/24 -j SNAT --to-source $WAN_IP

Posted by at 6:13 PM | Permalink | Comments (0) | TrackBacks (0)

DIY external portable USB Hard drive: Just bought the Bytecc HD-201u2 enclosure. It is completely USB powered. Stick any laptop harddrive you want in there and go. Comes with a cable and a nice carry case (although the zipper is crap).

Preloading images on a page using only CSS

Grab a PDF copy of the Scriptaculous Cheat Sheet #1: Javascript effects Side note: someone really has the last name Fuchs? How cool is that?!

Windows, has a limit: a single PC can be controlled by a single “local” user (the “real” person on place), OR a single “remote” user. If someone logs into the computer from remote, the local user is disconnected. The following procedure deactivates this block and allows multiple persons to connect and to use a single computer from remote.

Posted by at 5:58 PM | Permalink | Comments (0) | TrackBacks (0)

Presentation Zen: What is good PowerPoint design?

A nice article showing several different ways of communicating the same message without overcomplicating your slides.

The blog also offers excellent insight into visual design appropriate for powerpoints or any visual marketing.

Posted by at 5:56 PM | Permalink | Comments (0) | TrackBacks (0)

DailyTech - Update: AMD Plans Major CPU Price Drops Day After "Conroe"

Guess I'll have to wait to buy my new system! I'm thinking an AMD AM2 motherboard will have the best socket longevity and that is the socket platform that AMD is putting its lower power consumption options on. Comparable CPUs run 89W or less in the AM2 version versus the Socket 939 equivalents. And even lower power consumption models are on the way.

If the prices do drop this dramatically, I'm not sure if I would buy a better proc or take advantage of the cheap price/performance option. We'll see.

Posted by at 10:14 PM | Permalink | Comments (0) | TrackBacks (0)

Plugging my own product, but what the hell, it is open source :)

AppArmor http://opensuse.org/Apparmor is an application security container technology for Linux. It lets you create application profiles
(policies) that define the files that the application can read, write, and execute. It lets you do this per-application, so you actually could allow users to upload arbitrary C/binary programs and expect them to behave as you specified. It provides an inheritance model so that you can't escape from this jail by exec'ing something fun: the child is controlled by policy too.

And for confining PHP (and PERL code run by mod_perl, and any other language interpreted in-place by Apache) AppArmor provides a change_hat API call and a mod_apparmor module for Apache, so that you can have AppArmor-style profiles wrapped around individual PHP pages and mod_perl scripts, even though they never appear in the process table.

If you find yourself between the rock of having to run some PHP or PERL code and a hard place of not trusting that code, try confining it with AppArmor, so that if/when the code screws up, it can only screw itself.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com

Posted by at 10:55 AM | Permalink | Comments (0) | TrackBacks (0)